Class: Google::Apis::AdminDirectoryV1::RoleAssignment

Inherits:

Object

• Object
• Google::Apis::AdminDirectoryV1::RoleAssignment

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

lib/google/apis/admin_directory_v1/classes.rb,
lib/google/apis/admin_directory_v1/representations.rb,
lib/google/apis/admin_directory_v1/representations.rb

Overview

Defines an assignment of a role.

Instance Attribute Summary

• #assigned_to ⇒ String

  The unique ID of the entity this role is assigned to—either the user_id of a user, the group_id of a group, or the uniqueId of a service account as defined in Identity and Access Management (IAM).

• #assignee_type ⇒ String

  Output only.

• #condition ⇒ String

  Optional.

• #etag ⇒ String

  ETag of the resource.

• #kind ⇒ String

  The type of the API resource.

• #org_unit_id ⇒ String

  If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.

• #role_assignment_id ⇒ Fixnum

  ID of this roleAssignment.

• #role_id ⇒ Fixnum

  The ID of the role that is assigned.

• #scope_type ⇒ String

  The scope in which this role is assigned.

Instance Method Summary

• #initialize(**args) ⇒ RoleAssignment constructor

  A new instance of RoleAssignment.

• #update!(**args) ⇒ Object

  Update properties of this object.

Constructor Details

#initialize(**args) ⇒ RoleAssignment

Returns a new instance of RoleAssignment.

# File 'lib/google/apis/admin_directory_v1/classes.rb', line 4017

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#assigned_to ⇒ String

The unique ID of the entity this role is assigned to—either the user_id of a user, the group_id of a group, or the uniqueId of a service account as defined in Identity and Access Management (IAM). Corresponds to the JSON property assignedTo

Returns:

• (String)

# File 'lib/google/apis/admin_directory_v1/classes.rb', line 3950

def assigned_to
  @assigned_to
end

#assignee_type ⇒ String

Output only. The type of the assignee (USER or GROUP). Corresponds to the JSON property assigneeType

Returns:

• (String)

# File 'lib/google/apis/admin_directory_v1/classes.rb', line 3955

def assignee_type
  @assignee_type
end

#condition ⇒ String

Optional. The condition associated with this role assignment. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. A RoleAssignment with the condition field set will only take effect when the resource being accessed meets the condition. If condition is empty, the role (role_id) is applied to the actor (assigned_to) at the scope (scope_type) unconditionally. Currently, the following conditions are supported: - To make the RoleAssignment only applicable to Security Groups: api.getAttribute('cloudidentity. googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource. type == 'cloudidentity.googleapis.com/Group' - To make the RoleAssignment not applicable to Security Groups: !api.getAttribute('cloudidentity.googleapis.com/groups. labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity. googleapis.com/Group' Currently, the condition strings have to be verbatim and they only work with the following pre-built administrator roles: - Groups Editor - Groups Reader The condition follows Cloud IAM condition syntax. Additional conditions related to Locked Groups are available under Open Beta. - To make the RoleAssignment not applicable to Locked Groups: ! api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny([' groups.locked']) && resource.type == 'cloudidentity.googleapis.com/Group' This condition can also be used in conjunction with a Security-related condition. Corresponds to the JSON property condition

Returns:

• (String)

# File 'lib/google/apis/admin_directory_v1/classes.rb', line 3984

def condition
  @condition
end

#etag ⇒ String

ETag of the resource. Corresponds to the JSON property etag

Returns:

• (String)

# File 'lib/google/apis/admin_directory_v1/classes.rb', line 3989

def etag
  @etag
end

#kind ⇒ String

The type of the API resource. This is always admin#directory#roleAssignment. Corresponds to the JSON property kind

Returns:

• (String)

# File 'lib/google/apis/admin_directory_v1/classes.rb', line 3994

def kind
  @kind
end

#org_unit_id ⇒ String

If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to. Corresponds to the JSON property orgUnitId

Returns:

• (String)

# File 'lib/google/apis/admin_directory_v1/classes.rb', line 4000

def org_unit_id
  @org_unit_id
end

#role_assignment_id ⇒ Fixnum

ID of this roleAssignment. Corresponds to the JSON property roleAssignmentId

Returns:

• (Fixnum)

# File 'lib/google/apis/admin_directory_v1/classes.rb', line 4005

def role_assignment_id
  @role_assignment_id
end

#role_id ⇒ Fixnum

The ID of the role that is assigned. Corresponds to the JSON property roleId

Returns:

• (Fixnum)

# File 'lib/google/apis/admin_directory_v1/classes.rb', line 4010

def role_id
  @role_id
end

#scope_type ⇒ String

The scope in which this role is assigned. Corresponds to the JSON property scopeType

Returns:

• (String)

# File 'lib/google/apis/admin_directory_v1/classes.rb', line 4015

def scope_type
  @scope_type
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'lib/google/apis/admin_directory_v1/classes.rb', line 4022

def update!(**args)
  @assigned_to = args[:assigned_to] if args.key?(:assigned_to)
  @assignee_type = args[:assignee_type] if args.key?(:assignee_type)
  @condition = args[:condition] if args.key?(:condition)
  @etag = args[:etag] if args.key?(:etag)
  @kind = args[:kind] if args.key?(:kind)
  @org_unit_id = args[:org_unit_id] if args.key?(:org_unit_id)
  @role_assignment_id = args[:role_assignment_id] if args.key?(:role_assignment_id)
  @role_id = args[:role_id] if args.key?(:role_id)
  @scope_type = args[:scope_type] if args.key?(:scope_type)
end